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WHAT IS CLAIMED IS: 

1 . A system for providing an authorization framework for an application, 

comprising: 

one or more declarations for specifying authorization enforcement points for one 
5 or more target classes in an application; 

one or more declarations for specifying one or more permission classes for the 
one or more authorization enforcement points; and 

a processor programmed to insert authorization enforcement code into one or 
more of the target classes according to the authorization enforcement points. 
10 3. The system of claim 1, wherein the authorization enforcement points 

correspond one or more methods of the one or more target classes. 

4. The system of claim 1, wherein the authorization enforcement code is in the 
form of byte code. 

5. The system of claim 1, wherein the authorization enforcement code is in the 
1 5 form of script code. 

6. The system of claim 1, wherein the processor is programmed to insert the 
authorization enforcement code in the one or more target classes at runtime of the application. 

7. The system of claim 1 , wherein the processor is programmed to insert the 
authorization enforcement code in the one or more target classes after the application is loaded in 

20 a memory for execution. 

8. The system of claim 1 , wherein the application comprises a set of Java-based 
executable program. 
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9. The system of claim 1, wherein each of the declarations comprise a declaration 

selected from the group consisting of: a constant, a local variable and an instance variable. 

10. The system of claim 1, wherein each of the declarations are stored in a 
deployment descriptor. 

5 11. The system of claim 1, wherein at least one of the declarations specifies a 

subject factory. 

12. The system of claim 1, wherein at least one of the declarations specifies a 
permission factory. 

13. The system of claim 1, wherein at least one of the declarations specifies a 
10 privileged action factory. 

14. The system of claim 1, wherein at least one of the declarations specifies a 
permission action factory. 

15. A method for providing an authorization framework for an application, 

comprising: 

1 5 coding one or more declarations for specifying authorization enforcement points 

for one or more target classes in an application; 

coding one or more declarations for specifying one or more permission classes for 
the one or more authorization enforcement points; and 

inserting authorization enforcement code into one or more of the target classes 
20 according to the authorization enforcement points. 

16. The method of claim 15, wherein the authorization enforcement points 
correspond one or more methods of the one or more target classes. 
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17. The method of claim 15, wherein the authorization enforcement code is in the 

form of byte code. 

18. The method of claim 15, wherein the authorization enforcement code is in the 
form of script code. 

5 19. The method of claim 1 5, wherein the step of inserting occurs at runtime of the 

application. 

20. The method of claim 15, wherein the step of inserting occurs after the 
application is loaded in a memory for execution. 

2 1 . The method of claim 15, wherein the application comprises a Java-based 
1 0 executable program. 

22. The method of claim 15, wherein each of the declarations comprise a 
declaration selected from the group consisting of: a constant, a local variable and an instance 
variable. 

23. The method of claim 15, wherein each of the declarations are stored in a 
1 5 deployment descriptor. 

24. The method of claim 14, wherein at least one of the declarations specifies a 
subject factory. 

25. The method of claim 15, wherein at least one of the declarations specifies a 
permission factory, 

20 26. The method of claim 15, wherein at least one of the declarations specifies a 

privileged action factory. 

27, The method of claim 15, wherein at least one of the declarations specifies a 
permission action factory. 
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28. A computer program product having a computer readable medium having 

computer program logic recorded thereon for providing an authorization framework for an 

application, comprising: 

one or more declarations for specifying authorization enforcement points for one 
5 or more target classes in an application; 

one or more declarations for specifying one or more permission classes for the 
one or more authorization enforcement points; and 

computer readable means for inserting authorization enforcement code into one or 
more of the target classes according to the authorization enforcement points. 
10 29. The computer program of claim 28, wherein the authorization enforcement 

points correspond one or more methods of the one or more target classes. 

30. The computer program of claim 28, wherein the permission class objects are 
in the form of byte code. 

3 1 . The computer program of claim 28, wherein the authorization enforcement 
1 5 code is in the form of script code. 

32. The computer program of claim 28, wherein the computer readable means for 
inserting are for inserting the authorization enforcement code at runtime of the application. 

33. The computer program of claim 28, wherein the computer readable means for 
inserting are for inserting the authorization enforcement code after the application is loaded in a 

20 memory for execution. 

34. The computer program of claim 28, wherein the application comprises a 
Java-based executable program. 
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35. The computer program of claim 28, wherein each of the declarations 

comprise a declaration selected from the group consisting of: a constant, a local variable and an 
instance variable. 

36. The computer program of claim 28, wherein each of the declarations are 
stored in a deployment descriptor. 

37. The computer program of claim 28, wherein at least one of the declarations 
specifies a subject factory. 

38. The computer program of claim 28, wherein at least one of the declarations 
specifies a permission factory. 

39. The computer program of claim 28, wherein at least one of the declarations 
specifies a privileged action factory. 

40. The computer program of claim 28, wherein at least one of the declarations 
specifies a permission action factory. 
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